Re: A question regarding QOS

On Sat, Feb 28, 2009 at 12:38 PM, Simon <greminn@...> wrote:
> Hi there,
>
> We are running Endain FW 2.2rc3 on a XenServer VM. This works really
> well, but i have a question on how to setup some QOS on the link.
>
> We have a asterisk server and a nagios server behind the firewall and
> i want to do the following:
>
> 1. Our asterisk server connects to a IAX2 server outside the network,
> so prioritise the traffic for this above normal http/ftp etc.
>
> 2. Prioritise the pings for the nagios server so that everytime
> satuate our upload capacity we dont get alert emails.
>
> Can anyone assist here?
>
> Thanks
>
> Simon
>

Bump - can anyone assist here please?

THanks!!!

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation

Re: A question regarding QOS

Never actually needed qos, but I can throw you some ideas.
All traffic has to pass through whatever device is going to
prioritize the packets. This can be either a network switch
with qos, or a router with qos.

Efw doesn't include it, so I wouldn't suggest installing
something unless you know how and have the time.

You can run efw along with another router like m0n0wall, (or
any of the many distros out there) and run them both at the
same time on your xenserver.

You'd set the m0n0wall's lan port as the lan's gateway for
your users. Then connect the m0n0wall's wan port to your
efw's lan port, and then connect the ewf's wan port to your
broadband.

It would require setting up things, like forwarding ports
inward from the efw to the m0n0wall, then forward the ports
in the m0n0wall to the final IP address.

broadband modem->efw->m0n0wall->lan

If it's a really busy connection, you might need a dual-core
or more host. 

__________ Information from ESET NOD32 Antivirus, version of
virus signature database 3897 (20090228) __________

The message was checked by ESET NOD32 Antivirus.

Re: compared bandwidth efw/ipcop

David W Studeman a écrit :
> NightLord wrote:
>
>   
>> NightLord a écrit :
>>     
>>> Hi everyone... This i s a bit strange... last time i was questionning
>>> about snort, and today i'm questionning myself about efw... I've
>>> re-installed ipcop on my hardware and found that i was able to download
>>> at full speed (ie 1.6 MB -> 12.Mbits/s)... I switched bak to ipcop
>>> 2.2rc3 and found my max download were back to /_200/250 MB_/ (kB to be
>>> read !)... What can be so greedy for efw so he cannot go for more than
>>> this download rate... what can set a limit ? the conf is the same on the
>>> 2 installation (no proxy, no out firewalling, 1 orange and a couple of
>>> port forwarding)
>>>  
> you lose about 100MB of ram for each monitored interface. Most experienced 
> users only enable on green, your log summary is far more useful to see 
> unsolicited attempts, the ones that show on red and have dest none, that 
> means they were dropped and the firewall did it's job. Probably the one 
> thing I can say for sure is that you can never have too much ram.
>   
Hi again...

Here's a little point regarding my download speed and the pro/against 
ipcop/efw thing... As i started to get bored by the old hardware, that 
caused me to loose way to much time, i decided to get a brand new 
computer... it's not a big one, it's "only" a dualcore E2180 with 1GB 
ram (instead of my 256 MB)... Now EFW runs quite the same (maybe a 
little better) as IPcop.... Sometime, it's better to cut the crap and do 

Local hostnames - DHCP

Hi,

I was just wondering if it is possible to have resolving local hostnames
for machines that get the IP addresses from DHCP?

e.g. If I connect a laptop (laptop1) to the network, and then try to
ping it on the network:

ping laptop1
I get:
ping: unknown host laptop1

I can see the host names in the DHCP part of the services tab.

I upgraded to endian from IPCop, and under IPCop all local hostnames
would resolve correctly.

Could this be due to the way it has been configured?

Thanks,

Phil 

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H

Re: Local hostnames - DHCP

Did you try adding your domain-name after the hostname?  If that works, then 
you might have to add (probably uncomment) a line in the dnsmasq.conf file 
to auto-append it.

I think you can do that on a windows client as well by setting the dns 
search order ("Append these suffixes...") in TCP settings.

Maybe that helps.

-AJ

----- Original Message ----- 
From: "Philip Trickett (List)" <phil-ml@...>
To: <efw-user@...>
Sent: Monday, March 02, 2009 6:42 AM
Subject: [Efw-user] Local hostnames - DHCP

> Hi,
>
> I was just wondering if it is possible to have resolving local hostnames
> for machines that get the IP addresses from DHCP?
>
> e.g. If I connect a laptop (laptop1) to the network, and then try to
> ping it on the network:
>
> ping laptop1
> I get:
> ping: unknown host laptop1
>
> I can see the host names in the DHCP part of the services tab.

Re: Nvidia Lan Driver...

NightLord a écrit :
> Hello,
>
> I have to deal with an acer computer (Extensa e264) that will need to 
> handle orange.. only problem, There are only 2 pci slots, so i can put 
> only 2 "well-known" netwaork cards... the third is the integrated 
> nics, that happen to be a nvidia 10/100/1000... I've seen on the 
> nvidia site drivers for linux (here : 
> http://www.nvidia.com/object/linux_nforce_1.23.html) but my question 
> is how to get it work with efw... There seems to be rpm version... if 
> i put it on the efw box, would efw be able to recognize "afterwards" 
> the third and last nic ? thanks for your answers ;)
>
> regards
> Stéphane
>
I forgot to tell you that i've planned to install the fedora nvidia lan 
driver rpm... the 32 bits version...

regards Stephane

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H

Nvidia Lan Driver...

Hello,

I have to deal with an acer computer (Extensa e264) that will need to 
handle orange.. only problem, There are only 2 pci slots, so i can put 
only 2 "well-known" netwaork cards... the third is the integrated nics, 
that happen to be a nvidia 10/100/1000... I've seen on the nvidia site 
drivers for linux (here : 
http://www.nvidia.com/object/linux_nforce_1.23.html) but my question is 
how to get it work with efw... There seems to be rpm version... if i put 
it on the efw box, would efw be able to recognize "afterwards" the third 
and last nic ? thanks for your answers ;)

regards
Stéphane

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H

Re: A question regarding QOS

http://www.google.com/search?complete=0&hl=en&safe=off&q=Linux+router+with+QoS

For example:

A small, Linux router distribution for x86 has added QoS
(quality-of-service) management features claimed capable of classifying
packets regardless of port. The 1.0.beta4 release of Zeroshell now includes
QoS software from the open source "L7-filter" project, along with a QoS
management interface.

The L7-filter project maintains software that works with Linux's Netfilter
kernel firewall to identify packets based on application-layer data, rather
than merely by port or IP address. The L7-filter software is meant to
enhance Linux's port- and IP-address based QoS features, in bandwidth
arbitration ("packet shaping") and traffic accounting applications,
according to its SourceForge project website. 

--

-- 
View this message in context: http://www.nabble.com/A-question-regarding-QOS-tp22256581p22320613.html
Sent from the efw-user mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H

Re: Local hostnames - DHCP

Hi AJ,

No, there is still no resolution of names on the network for hosts that
have DHCP assigned addresses.

This is strange, as in the logs I see the following:

Mar 4 15:46:19 dhcpd DHCPREQUEST for 192.168.5.194 from
00:16:42:21:8f:b2 (tiny) via br0

where tiny is the name of the host.

I can't quite work out why this is not working, as from the sounds of
it, it should pretty much work 'out of the box'

Phil

On Mon, 2009-03-02 at 12:11 -0500, AJ Weber wrote:
> Did you try adding your domain-name after the hostname?  If that works, then 
> you might have to add (probably uncomment) a line in the dnsmasq.conf file 
> to auto-append it.
> 
> I think you can do that on a windows client as well by setting the dns 
> search order ("Append these suffixes...") in TCP settings.
> 
> Maybe that helps.
> 
> -AJ
> 
> 

Is policy routing available in the community edition?

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user